WO2013083072A1 - Method and system for digital content online reading authentication - Google Patents

Info

Publication number
WO2013083072A1
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
information
rights
request
permission
Prior art date
Application number
PCT/CN2012/086147
Other languages
French (fr)
Chinese (zh)
Inventor
李小磊
万巍
瞿超
雷超
Original Assignee
北大方正集团有限公司
北京方正阿帕比技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北大方正集团有限公司, 北京方正阿帕比技术有限公司
Priority to JP2014536109A (patent JP2015502586A)
Priority to EP12856539.7A (patent EP2690574B1)
Priority to KR1020137031874A (patent KR101578886B1)
Priority to US13/894,138 (patent US8943312B2)
Publication of WO2013083072A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1014 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to tokens
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G06F21/335 User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets

Definitions

  • The present invention relates to the field of computer information, and in particular to a method and system for authenticating online reading of digital content.
  • Background
  • Autonomous control mode: this approach usually includes management of the digital content and maintains the permissions of the digital content itself. When a user requests online reading, it queries the permissions of the digital content and then provides the corresponding reading range.
  • Interface control mode: this approach is separated from the digital content and is not itself responsible for managing permissions; it only provides the online reading function. When a user requests online reading, it actively requests the user's permissions from the rights management center and, after obtaining the permission information, provides reading of the corresponding scope.
  • The autonomous control mode has to manage all digital content, and the reading function is mixed together with the functions of the business system; the function is not independent and cannot be offered externally as a general-purpose reading tool.
  • The interface control mode needs to communicate frequently with the rights management center, which causes performance problems; in addition, when a third party integrates online reading, a corresponding interface has to be developed, which increases cost.
  • Summary of the invention
  • The invention provides a method and a system for authenticating online reading of digital content, to solve the prior-art problems that functions are mixed together and cannot be independent in the autonomous control mode, and that information has to be exchanged frequently in the interface control mode.
  • A method for authenticating online reading of digital content, comprising:
  • The first permission model includes the M function permissions owned by the user, where M is greater than or equal to 1; the first certificate information corresponding to the first permission model is obtained according to the stored correspondence between certificate information and permission models;
  • The first permission model includes one function permission, or a combination of several function permissions, from among the reading range permission, online concurrency permission, service time permission, copy permission and print permission, and each of these function permissions has a corresponding validity period.
  • The first certificate information includes a unique certificate and a validity period corresponding to the certificate.
  • Authenticating the first certificate information included in the second request and the M function permissions in the first permission model specifically includes:
  • Authenticating the first certificate information specifically includes:
  • Parsing the first permission model specifically includes:
  • A system for authenticating online reading of digital content, specifically comprising:
  • A service processing system, configured to receive a first request for online reading from a terminal and obtain the first user information in the first request; to obtain, according to the stored correspondence between permission information and user information, the first permission information corresponding to the first user information, and generate a first permission model according to the first permission information, where the first permission model includes the M function permissions owned by the user and M is greater than or equal to 1; to obtain, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model; and to generate a second request including the first permission model and the first certificate information;
  • An online reading system, configured to receive the second request and to authenticate the first certificate information included in the second request and the M function permissions in the first permission model.
  • The online reading system specifically includes:
  • A receiving module, configured to receive the second request;
  • An obtaining module, configured to obtain the first permission model and the first certificate information in the second request;
  • A certificate authentication module, configured to authenticate the first certificate information;
  • A permission model authentication module, configured to authenticate the M function permissions in the permission model according to the authentication result of the first certificate information;
  • A content providing module, configured to provide to the terminal, according to the authentication result of the M function permissions, the online reading content corresponding to the function permissions that passed authentication.
  • The certificate authentication module includes:
  • A certificate validity time obtaining unit, configured to obtain the validity period in the first certificate information;
  • A certificate validity time authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication, otherwise the second request is rejected.
  • The authentication that the permission model authentication module performs on the M function permissions in the permission model includes:
  • The validity period of the L function permissions among the M function permissions is compared with the current time.
  • FIG. 1 is a flow chart of a method for online digital content authentication according to the present invention.
  • FIG. 2 is a schematic diagram of the definition of a first permission model according to the present invention.
  • FIG. 3 is a flow chart of the online reading system of the present invention authenticating the first permission model and the first certificate information in the second request.
  • FIG. 5 is a schematic structural diagram of an online reading system according to the present invention.
  • Detailed description
  • The present invention provides a method and system for authenticating online reading of digital content. When a user needs to read online, the user sends a request to the service processing system, which then obtains the user information and generates a corresponding permission model.
  • The certificate is sent to the online reading system, and the online reading system provides all the function permissions owned by the user according to the permission model and the certificate. This solves the system performance problem caused by frequent signal interaction between systems, simplifies digital content management, and ensures the security of digital content.
  • Figure 1 shows a flow chart of a method for online digital content authentication. The specific process is as follows:
  • Step 101: Receive a first request for online reading from the terminal, and obtain the first user information in the first request.
  • Step 102: Obtain, according to the stored correspondence between permission information and user information, the first permission information corresponding to the first user information, and generate a first permission model according to the first permission information, where the first permission model contains the M function permissions owned by the user and M is greater than or equal to 1.
  • The service processing system pre-stores the correspondence between permission information and user information. After obtaining the first user information, the service processing system consults the pre-stored correspondence and thereby obtains the first permission information corresponding to the first user information. The first permission information contains the function permissions owned by the user, which may be the definition of one or more function permissions.
  • After obtaining the first permission information, the service processing system generates the first permission model according to the definition of the one or more function permissions in the first permission information, so that the first permission model includes the M function permissions owned by the user, where M is greater than or equal to 1.
  • The M function permissions may be one of, or a combination of several of, the reading range permission, online concurrency permission, service time permission, copy permission and print permission, and function permissions can be added or removed in the service processing system according to the user's needs.
  • Each of the M function permissions has a corresponding validity period.
  • Step 103: Obtain the first certificate information corresponding to the first permission model according to the stored correspondence between certificate information and permission models.
  • The correspondence between certificate information and permission models is stored in the service processing system, so after the first permission model is generated, the service processing system obtains one unique first certificate information according to the first permission model.
  • A validity period corresponding to the certificate is also obtained, which prevents the user from using the same certificate information indefinitely and also protects the copyright of the digital content well.
  • Step 104: Generate a second request that includes the first permission model and the first certificate information, and send the second request to the online reading system.
  • After the service processing system has obtained the first permission information corresponding to the first user information and the first certificate information corresponding to the first permission information, it adds the first permission model and the first certificate information to the URL (Uniform Resource Locator) parameters, generating a second request that includes the first permission model and the first certificate information.
  • The first permission model is transmitted through a URL parameter; the rule is the permission model followed by the permission scope, and the definition can be extended according to actual requirements.
  • V indicates the read permission, and the 1-5, 15-30 that follows indicates that the current user can view pages 1 to 5 and pages 15 to 30; other permission definitions can be extended as actually required.
  • Step 105: Authenticate the first certificate information included in the second request and the M function permissions in the first permission model.
  • After receiving the second request, the online reading system first authenticates the first certificate information in the second request, and then, based on the authentication result of the first certificate information, authenticates the M function permissions in the first permission model.
  • The flow in which the online reading system authenticates the first permission model and the first certificate information in the second request includes:
  • Step 301: Based on the second request, obtain the first permission model and the first certificate information in the second request.
  • After receiving the second request, the online reading system obtains the first permission model in the second request and the validity periods corresponding to the M function permissions in the first permission model, and obtains the first certificate information and the validity period of the first certificate.
  • Step 302: Authenticate the first certificate information, and authenticate the M function permissions in the first permission model according to the authentication result of the first certificate information.
  • The online reading system first authenticates the first certificate information, which includes a unique certificate and a validity period corresponding to the certificate. The online reading system authenticates the legitimacy of the certificate: if the certificate is legitimate, the validity period of the certificate is authenticated; if the certificate is not legitimate, the second request is rejected.
  • To authenticate the validity period of the certificate, the validity period of the first certificate is obtained and compared with the current time at which the user uses the certificate. If the validity period of the certificate is after the current time, the certificate passes authentication and the first permission model is parsed; otherwise, the second request is rejected. After the certificate passes authentication, the online reading system authenticates the first permission model.
  • The online reading system obtains the M function permissions in the first permission model and the validity period corresponding to each of them, obtains the current time at which the second request was received, and compares the validity period of each of the M function permissions with the current time.
  • Step 303: According to the authentication result of the M function permissions, provide to the terminal the online reading content corresponding to the function permissions that passed authentication.
  • The online reading content corresponding to the L function permissions is provided to the terminal, and the user can directly obtain the services corresponding to the L function permissions on the terminal, which avoids frequent requests and frequent information interaction.
  • L is an integer greater than or equal to 0 and less than or equal to M.
  • A system for authenticating online reading of digital content specifically includes:
  • The service processing system 401, configured to receive a first request for online reading from the terminal and obtain the first user information in the first request; to obtain, according to the stored correspondence between permission information and user information, the first permission information corresponding to the first user information, and generate a first permission model according to the first permission information, where the first permission model includes the M function permissions owned by the user and M is greater than or equal to 1; to obtain, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model; and to generate a second request including the first permission model and the first certificate information.
  • The online reading system 402, connected to the service processing system and configured to receive the second request and authenticate the first certificate information included in the second request and the M function permissions in the first permission model.
  • FIG. 5 is a schematic structural diagram of an online reading system, which specifically includes:
  • The receiving module 501, configured to receive the second request.
  • The obtaining module 502, configured to obtain the first permission model and the first certificate information in the second request.
  • The certificate authentication module 503, configured to authenticate the first certificate information.
  • The permission model authentication module 504, configured to authenticate the M function permissions in the permission model according to the authentication result of the first certificate information.
  • The content providing module 505, configured to provide to the terminal, according to the authentication result of the M function permissions, the online reading content corresponding to the function permissions that passed authentication.
  • The certificate authentication module 503 further includes:
  • A certificate validity time period obtaining unit, configured to obtain the validity period in the first certificate information.
  • A certificate validity time period authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication, otherwise the second request is rejected.
  • The authentication that the permission model authentication module performs on the M function permissions in the permission model includes:
  • The validity period of the L function permissions among the M function permissions is compared with the current time.
  • The present invention provides a method for authenticating online reading of digital content: a first request for online reading is received from a terminal and the first user information in the first request is obtained; the first permission information corresponding to the first user information is obtained and a first permission model is generated according to the first permission information; the first certificate information corresponding to the first permission model is obtained according to the stored correspondence between certificate information and permission models; a second request including the first permission model and the first certificate information is generated; and the first certificate information included in the second request and the M function permissions in the first permission model are authenticated. This solves the system performance problem caused by frequent signal interaction between systems, simplifies digital content management, and also ensures the security of digital content. It has a restraining effect and protects the copyright of digital content.
  • the spirit and scope of the invention is intended that the present invention cover the modifications and the modifications of the invention.
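Steps 301 to 303 and the URL-parameter rule described above, sketched as an added example that is not code from the patent or its applicants. Only the letter `V` followed by page ranges such as `1-5,15-30` comes from the page; the parameter names `cert`, `cert_exp` and `perm`, the `@<expiry>` suffix, the letter `P` for print, the host name and the issued-certificate table are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for however the online reading system recognises a
# legitimate certificate; the page does not specify that mechanism.
ISSUED_CERTS = {"cert-7f3a"}

# Constructed second request. Times are Unix seconds. "V" (read range) is the
# page's letter; "P" for print and every parameter name are assumptions.
NOW = 1_700_000_000
SAMPLE_URL = ("https://reader.example/read?doc=42&cert=cert-7f3a"
              "&cert_exp=1800000000"
              "&perm=V1-5,15-30@1800000000&perm=P@1600000000")


def parse_ranges(scope):
    """'1-5,15-30' -> [(1, 5), (15, 30)]; ValueError on anything malformed."""
    ranges = []
    for part in scope.split(","):
        lo, sep, hi = part.strip().partition("-")
        if not sep:                      # a single page such as "7"
            hi = lo
        if not (lo.isascii() and lo.isdigit() and hi.isascii() and hi.isdigit()):
            raise ValueError(f"bad page range: {part!r}")
        lo, hi = int(lo), int(hi)
        if lo < 1 or hi < lo:
            raise ValueError(f"bad page range: {part!r}")
        ranges.append((lo, hi))
    return ranges


def _single(query, name):
    """Return the only value of a parameter that must appear exactly once."""
    values = query.get(name, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {name!r} parameter")
    return values[0]


def parse_second_request(url):
    """Step 301: extract certificate info and the M function permissions."""
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    cert_id = _single(query, "cert")
    cert_exp = int(_single(query, "cert_exp"))
    perms = {}
    for item in query.get("perm", []):
        body, sep, exp = item.rpartition("@")
        if not sep or not body:
            raise ValueError(f"bad permission: {item!r}")
        code, scope = body[0], body[1:]
        if code in perms:
            raise ValueError(f"duplicate permission: {code!r}")
        if code == "V":
            parse_ranges(scope)          # validate now so later checks cannot fail
        perms[code] = (scope, int(exp))
    if not perms:
        raise ValueError("the permission model must carry M >= 1 permissions")
    return cert_id, cert_exp, perms


def authenticate(url, now):
    """Steps 302-303. Returns {code: scope} for the L permissions still valid
    (possibly empty, L = 0), or None when the second request is rejected."""
    try:
        cert_id, cert_exp, perms = parse_second_request(url)
    except ValueError:
        return None
    if cert_id not in ISSUED_CERTS:      # certificate is not legitimate
        return None
    if cert_exp <= now:                  # validity period is not after "now"
        return None
    return {code: scope for code, (scope, exp) in perms.items() if exp > now}


def may_read_page(granted, page):
    """True if the granted read-range permission covers this page."""
    scope = granted.get("V")
    if scope is None:
        return False
    return any(lo <= page <= hi for lo, hi in parse_ranges(scope))


if __name__ == "__main__":
    granted = authenticate(SAMPLE_URL, NOW)
    print(granted, may_read_page(granted, 3), may_read_page(granted, 10))
```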

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of computer information. Disclosed are a method and system for digital content online reading authentication, the method comprising: receiving a first request for online reading from a terminal, acquiring the first user information contained in the first request, acquiring the first authority information corresponding to the first user information to generate a first authority model, acquiring the first certificate information corresponding to the first authority model to further generate a second request containing the first authority model and first certificate information, and authenticating the first certificate information contained in the second request and M function authority in the first authority model, therefore solving the system performance problem caused by frequent signal interaction between systems, simplifying digital content management, preventing unauthorized leeching and protecting the digital content copyright.

Description

Method and system for authenticating online reading of digital content

This application claims priority to Chinese patent application No. 201110409347.8, entitled "Method and system for authenticating online reading of digital content", filed with the Chinese Patent Office on December 9, 2011, the entire contents of which are incorporated herein by reference.

Technical field

The present invention relates to the field of computer information, and in particular to a method and system for authenticating online reading of digital content.

Background
With the rapid development of digital content, more and more people follow and read digital content, and reading is gradually shifting to online reading. Competition in online reading is also becoming increasingly fierce, and in order to protect the copyright of digital content, control of permissions is especially important for digital content.
At present, the online reading functions offered by various digital content products can control permissions on digital content for the purpose of copyright protection. In the prior art there are the following two implementations:
1. Autonomous control mode. This approach usually includes management of the digital content and maintains the permissions of the digital content itself. When a user requests online reading, it queries the permissions of the digital content and then provides the corresponding reading range.
2. Interface control mode. This approach is separated from the digital content and is not itself responsible for managing permissions; it only provides the online reading function. When a user requests online reading, it actively requests the user's permissions from the rights management center and, after obtaining the permission information, provides reading of the corresponding scope.
In the course of implementing the present invention, the applicant found that the above techniques have at least the following technical problems:
The autonomous control mode has to manage all digital content, and the reading function is mixed together with the functions of the business system; the function is not independent and cannot be offered externally as a general-purpose reading tool.
The interface control mode needs to communicate frequently with the rights management center, which causes performance problems; in addition, when a third party integrates online reading, a corresponding interface has to be developed, which increases cost.

Summary of the invention
The present invention provides a method and system for authenticating online reading of digital content, to solve the prior-art problems that functions are mixed together and cannot be independent in the autonomous control mode, and that information has to be exchanged frequently in the interface control mode.
A method for authenticating online reading of digital content, comprising:
receiving a first request for online reading from a terminal, and obtaining the first user information in the first request;
obtaining, according to the stored correspondence between permission information and user information, the first permission information corresponding to the first user information, and generating a first permission model according to the first permission information, where the first permission model contains the M function permissions owned by the user and M is greater than or equal to 1;
obtaining, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model;
generating a second request that includes the first permission model and the first certificate information;
authenticating the first certificate information included in the second request and the M function permissions in the first permission model.
Preferably, the first permission model includes one function permission, or a combination of several function permissions, from among the reading range permission, online concurrency permission, service time permission, copy permission and print permission, and each of these function permissions has a corresponding validity period.
Preferably, the first certificate information includes a unique certificate and a validity period corresponding to the certificate.
Preferably, authenticating the first certificate information included in the second request and the M function permissions in the first permission model specifically includes:
based on the second request, obtaining the first permission model and the first certificate information in the second request; and
authenticating the first certificate information, and authenticating the M function permissions in the first permission model according to the authentication result of the first certificate information; and
providing to the terminal, according to the authentication result of the M function permissions, the online reading content corresponding to the function permissions that passed authentication.
Preferably, authenticating the first certificate information specifically includes:
obtaining the validity period in the first certificate information;
comparing the validity period of the first certificate information with the current time; if the validity period of the certificate is after the current time, the certificate passes authentication and the first permission model is parsed; otherwise, the second request is rejected.
Preferably, parsing the first permission model specifically includes:
obtaining the M function permissions in the first permission model and the validity period corresponding to each function permission;
comparing the validity period of each of the M function permissions with the current time; if the validity periods of L of the M function permissions are after the current time, the online reading content corresponding to those L function permissions is provided to the terminal, where L is an integer greater than or equal to 0 and less than or equal to M.
A system for authenticating online reading of digital content, specifically comprising:
A service processing system, configured to receive a first request for online reading from a terminal and obtain the first user information in the first request; to obtain, according to the stored correspondence between permission information and the user information, the first permission information corresponding to the first user information, and generate a first permission model from the first permission information, the first permission model containing the M functional permissions held by the user, where M is greater than or equal to 1; to obtain, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model; and to generate a second request containing the first permission model and the first certificate information;
An online reading system, configured to receive the second request and authenticate the first certificate information contained in the second request and the M functional permissions in the first permission model.
Preferably, the online reading system specifically comprises:
A receiving module, configured to receive the second request;
An obtaining module, configured to obtain the first permission model and the first certificate information from the second request;
A certificate authentication module, configured to authenticate the first certificate information;
A permission model authentication module, configured to authenticate the M functional permissions in the permission model according to the authentication result of the first certificate information;
A content providing module, configured to provide to the terminal, according to the authentication result of the M functional permissions, the online reading content corresponding to the plurality of functional permissions that passed authentication.
Preferably, the certificate authentication module comprises:
A certificate validity time obtaining unit, configured to obtain the validity period in the first certificate information;
A certificate validity time authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication; otherwise, the second request is rejected.
Preferably, the authentication of the M functional permissions in the permission model by the permission model authentication module comprises:
Obtaining the M functional permissions in the first permission model and the validity period corresponding to each functional permission;
Comparing the validity periods of L of the M functional permissions with the current time.
The specific technical effects of one or more embodiments of the present invention are as follows:
A first request for online reading is received from a terminal and the first user information in the first request is obtained; the first permission information corresponding to the first user information is obtained, and a first permission model is generated from the first permission information; the first certificate information corresponding to the first permission model is obtained according to the stored correspondence between certificate information and permission models; a second request containing the first permission model and the first certificate information is generated; and the first certificate information contained in the second request and the M functional permissions in the first permission model are authenticated. This resolves the system performance problems caused by frequent signal exchanges between systems, simplifies the management of digital content, ensures the security of the digital content, curbs illegal hotlinking, and protects the copyright of the digital content well.
Description of the drawings
FIG. 1 is a flowchart of a method for authenticating online reading of digital content according to the present invention;
FIG. 2 is a schematic diagram of the definition of the first permission model according to the present invention;
FIG. 3 is a flowchart of the authentication, by the online reading system of the present invention, of the first permission model and the first certificate information in the second request;
FIG. 4 shows a system for authenticating online reading of digital content according to the present invention;
FIG. 5 is a schematic structural diagram of the online reading system of the present invention.
Detailed description
The present invention provides a method and system for authenticating online reading of digital content. When a user needs to read online and sends a request to the service processing system, the service processing system obtains the user information, generates the corresponding permission model and certificate, and sends them to the online reading system; the online reading system then provides all the functional permissions held by the user according to the permission model and the certificate. This resolves the system performance problems caused by frequent signal exchanges between systems, simplifies the management of digital content, and also ensures the security of the digital content.
The technical solution of the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a flowchart of a method for authenticating online reading of digital content. The specific flow is as follows:
Step 101: receive a first request for online reading from a terminal, and obtain the first user information in the first request.
Step 102: according to the stored correspondence between permission information and user information, obtain the first permission information corresponding to the first user information, and generate a first permission model from the first permission information; the first permission model contains the M functional permissions held by the user, where M is greater than or equal to 1. The correspondence between permission information and user information is stored in advance in the service processing system. After the service processing system obtains the first user information, it consults this stored correspondence to obtain the first permission information corresponding to the first user information. The first permission information contains the definitions of the functional permissions held by the user, which may be one or more.
After obtaining the first permission information, the service processing system generates the first permission model from the definitions of the one or more functional permissions in the first permission information, so the first permission model contains the M functional permissions held by the user, where M is greater than or equal to 1.
The M functional permissions may be one of, or a combination of several of, a reading range permission, an online concurrency permission, a service time permission, a copy permission and a print permission, and functional permissions can be added or removed in the service processing system according to the user's needs.
In addition, to prevent any of the M functional permissions from being used by the user indefinitely, each of the M functional permissions has a corresponding validity period.
Step 103: according to the stored correspondence between certificate information and permission models, obtain the first certificate information corresponding to the first permission model.
The service processing system stores the correspondence between certificate information and permission models, so after the first permission model has been generated, the service processing system obtains one unique piece of first certificate information corresponding to the first permission model.
So that the user's certificate can be used only within a certain time, a validity period corresponding to the certificate is obtained together with the certificate in the first certificate information. This prevents the user from using the same certificate information indefinitely and also protects the copyright of the digital content well.
Step 104: generate a second request containing the first permission model and the first certificate information, and send the second request to the online reading system.
Through steps 102 and 103, the service processing system has obtained the first permission information corresponding to the first user information and the first certificate information corresponding to the first permission information. The service processing system then adds the first permission model and the first certificate information to the URL (Uniform Resource Locator) parameters, generating the second request containing the first permission model and the first certificate information.
The first permission model is passed through URL parameters; the rule is the first permission model followed by the permission scope, and this definition can be extended as actually required. As shown in FIG. 2, V denotes the reading permission, and the following 1-5, 15-30 indicates that the current user may browse pages 1 to 5 and pages 15 to 30; other permission definitions can be added as actually needed.
Step 105: authenticate the first certificate information contained in the second request and the M functional permissions in the first permission model.
After receiving the second request, the online reading system first authenticates the first certificate information in the second request, and then, according to the authentication result of the first certificate information, authenticates the M functional permissions in the first permission model.
FIG. 3 is a flowchart of the authentication, by the online reading system, of the first permission model and the first certificate information in the second request, which specifically comprises:
Step 301: based on the second request, obtain the first permission model and the first certificate information in the second request.
After receiving the second request, the online reading system obtains the first permission model in the second request and the validity periods corresponding to the M functional permissions in the first permission model, and also obtains the first certificate information and the validity period corresponding to the first certificate.
Step 302: authenticate the first certificate information, and, according to the authentication result of the first certificate information, authenticate the M functional permissions in the first permission model.
The online reading system first authenticates the first certificate information, which contains one unique certificate and one validity period corresponding to that certificate. The online reading system authenticates the legitimacy of the certificate: if the certificate is legitimate, its validity period is then authenticated; if the certificate is not legitimate, the second request is rejected.
If the user modifies the content of the permission model without authorization, the certificate fails the legitimacy check and the second request is rejected.
After the legitimacy of the certificate has been authenticated, its validity period is authenticated by comparing the validity period of the first certificate with the current time at which the user uses the certificate. If the validity period of the certificate is after the current time, the certificate passes authentication and the first permission model is parsed; otherwise, the second request is rejected.
After the certificate passes authentication, the online reading system authenticates the first permission model.
The online reading system obtains the M functional permissions in the first permission model and the validity period corresponding to each of these M functional permissions, obtains the current time at which the second request was received, and compares the validity period of each of the M functional permissions with that current time.
Step 303: according to the authentication result of the M functional permissions, provide to the terminal the online reading content corresponding to the plurality of functional permissions that passed authentication.
If the validity periods of L of the M functional permissions are after the current time, the online reading content corresponding to those L functional permissions is provided to the terminal. The user can obtain the services corresponding to these L functional permissions directly on the terminal, which avoids frequently sending requests and frequent information exchange. Here L is an integer greater than or equal to 0 and less than or equal to M.
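The flow of steps 101 to 105 and 301 to 303 can be sketched as follows; this is an added example, not code from the patent or its applicants. The URL parameter names (`perm`, `cert`, `cert_exp`), the `code:ranges@expiry` encoding and the shared key are assumptions. Realizing the certificate as an HMAC-SHA256 over the permission model is also an assumption: the text says only that a modified permission model must fail certificate authentication and names no mechanism.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: a secret shared by the service processing system and the
# online reading system. Constructed demo value.
SHARED_KEY = b"constructed-demo-key"


def encode_model(perms):
    """{code: (scope, expiry_epoch)} -> 'P:1-5@1699999940;V:1-5,15-30@1700000600'."""
    return ";".join(f"{code}:{scope}@{exp}" for code, (scope, exp) in sorted(perms.items()))


def _certificate(model, cert_expiry):
    # Assumed certificate: HMAC-SHA256 binding the model to the certificate expiry.
    msg = f"{model}|{cert_expiry}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def issue_second_request(base_url, perms, cert_expiry):
    """Service processing system (steps 102-104): put model and certificate in the URL."""
    model = encode_model(perms)
    params = {"perm": model, "cert": _certificate(model, cert_expiry), "cert_exp": cert_expiry}
    return base_url + "?" + urlencode(params)


def parse_ranges(scope):
    """'1-5,15-30' -> [(1, 5), (15, 30)]; raises ValueError on malformed ranges."""
    ranges = []
    for part in scope.split(","):
        lo, sep, hi = part.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if sep else lo
        if lo < 1 or hi < lo:
            raise ValueError(f"bad page range: {part!r}")
        ranges.append((lo, hi))
    return ranges


def authenticate_second_request(url, now):
    """Online reading system (steps 301-303).

    Returns {code: page ranges} for the L permissions still valid (may be
    empty, L = 0), or None when the second request is rejected.
    """
    query = parse_qs(urlparse(url).query)
    try:
        model = query["perm"][0]
        cert = query["cert"][0]
        cert_exp = int(query["cert_exp"][0])
    except (KeyError, ValueError):
        return None
    # Legitimacy: any edit to the model or the expiry changes the expected MAC.
    expected = _certificate(model, cert_exp)
    if not hmac.compare_digest(expected.encode(), cert.encode()):
        return None
    # The certificate's validity period must lie after the current time.
    if cert_exp <= now:
        return None
    granted = {}
    for entry in model.split(";"):
        code, _, rest = entry.partition(":")
        scope, _, exp = rest.rpartition("@")
        if int(exp) > now:  # per-permission validity period
            granted[code] = parse_ranges(scope)
    return granted


def page_allowed(granted, code, page):
    """True if `page` falls inside a range granted for permission `code`."""
    return any(lo <= page <= hi for lo, hi in granted.get(code, []))
```

Because the model travels in a URL the terminal can see and edit, the integrity check runs before any field of the model is parsed or trusted.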
FIG. 4 shows a system for authenticating online reading of digital content, which specifically comprises:
A service processing system 401, configured to receive a first request for online reading from a terminal and obtain the first user information in the first request; to obtain, according to the stored correspondence between permission information and the user information, the first permission information corresponding to the first user information, and generate a first permission model from the first permission information, the first permission model containing the M functional permissions held by the user, where M is greater than or equal to 1; to obtain, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model; and to generate a second request containing the first permission model and the first certificate information.
An online reading system 402, connected to the service processing system and configured to receive the second request and authenticate the first certificate information contained in the second request and the M functional permissions in the first permission model.
FIG. 5 is a schematic structural diagram of the online reading system, which specifically comprises:
A receiving module 501, configured to receive the second request;
An obtaining module 502, configured to obtain the first permission model and the first certificate information from the second request;
A certificate authentication module 503, configured to authenticate the first certificate information;
A permission model authentication module 504, configured to authenticate the M functional permissions in the permission model according to the authentication result of the first certificate information;
A content providing module 505, configured to provide to the terminal, according to the authentication result of the M functional permissions, the online reading content corresponding to the plurality of functional permissions that passed authentication.
Further, the certificate authentication module 503 also comprises:
A certificate validity period obtaining unit, configured to obtain the validity period in the first certificate information.
A certificate validity period authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication; otherwise, the second request is rejected.
Further, the authentication of the M functional permissions in the permission model by the permission model module comprises:
Obtaining the M functional permissions in the first permission model and the validity period corresponding to each functional permission;
Comparing the validity periods of L of the M functional permissions with the current time.
The present invention provides a method for authenticating online reading of digital content: a first request for online reading is received from a terminal and the first user information in the first request is obtained; the first permission information corresponding to the first user information is obtained, and a first permission model is generated from the first permission information; the first certificate information corresponding to the first permission model is obtained according to the stored correspondence between certificate information and permission models; a second request containing the first permission model and the first certificate information is generated; and the first certificate information contained in the second request and the M functional permissions in the first permission model are authenticated. This resolves the system performance problems caused by frequent signal exchanges between systems, simplifies the management of digital content, ensures the security of the digital content, curbs illegal hotlinking, and protects the copyright of the digital content well.
the spirit and scope of the invention. Thus, provided that these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to cover them.

Claims

1. A method for authenticating online reading of digital content, characterized by comprising:
receiving a first request for online reading from a terminal, and obtaining the first user information in the first request;
obtaining, according to the stored correspondence between permission information and user information, the first permission information corresponding to the first user information, and generating a first permission model from the first permission information, the first permission model containing the M functional permissions held by the user, where M is greater than or equal to 1;
obtaining, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model;
generating a second request containing the first permission model and the first certificate information;
authenticating the first certificate information contained in the second request and the M functional permissions in the first permission model.
2. The method according to claim 1, characterized in that the first permission model comprises one of, or a combination of several of, a reading range permission, an online concurrency permission, a service time permission, a copy permission and a print permission, and each of these functional permissions has a corresponding validity period.
3. The method according to claim 2, characterized in that the first certificate information comprises one unique certificate and a validity period corresponding to the certificate.
4. The method according to claim 3, characterized in that authenticating the first certificate information contained in the second request and the M functional permissions in the first permission model specifically comprises:
obtaining, based on the second request, the first permission model and the first certificate information in the second request; and
authenticating the first certificate information, and, according to the authentication result of the first certificate information, authenticating the M functional permissions in the first permission model; and
providing to the terminal, according to the authentication result of the M functional permissions, the online reading content corresponding to the plurality of functional permissions that passed authentication.
5. The method according to claim 4, characterized in that authenticating the first certificate information specifically comprises:
obtaining the validity period in the first certificate information;
comparing the validity period of the first certificate information with the current time; if the validity period of the certificate is after the current time, the certificate passes authentication and the first permission model is parsed; otherwise, the second request is rejected.
6. The method according to claim 5, characterized in that parsing the first permission model specifically comprises:
obtaining the M functional permissions in the first permission model and the validity period corresponding to each functional permission;
comparing the validity period of each of the M functional permissions with the current time; if the validity periods of L of the M functional permissions are after the current time, providing the online reading content corresponding to those L functional permissions to the terminal, where L is an integer greater than or equal to 0 and less than or equal to M.
7. A system for authenticating online reading of digital content, characterized by specifically comprising:
a service processing system, configured to receive a first request for online reading from a terminal and obtain the first user information in the first request; to obtain, according to the stored correspondence between permission information and the user information, the first permission information corresponding to the first user information, and generate a first permission model from the first permission information, the first permission model containing the M functional permissions held by the user, where M is greater than or equal to 1; to obtain, according to the stored correspondence between certificate information and permission models, the first certificate information corresponding to the first permission model; and to generate a second request containing the first permission model and the first certificate information;
an online reading system, configured to receive the second request and authenticate the first certificate information contained in the second request and the M functional permissions in the first permission model.
8. The system according to claim 7, characterized in that the online reading system specifically comprises:
a receiving module, configured to receive the second request;
an obtaining module, configured to obtain the first permission model and the first certificate information from the second request;
a certificate authentication module, configured to authenticate the first certificate information;
a permission model authentication module, configured to authenticate the M functional permissions in the permission model according to the authentication result of the first certificate information;
a content providing module, configured to provide to the terminal, according to the authentication result of the M functional permissions, the online reading content corresponding to the plurality of functional permissions that passed authentication.
9. The system according to claim 8, characterized in that the certificate authentication module comprises:
a certificate validity time obtaining unit, configured to obtain the validity period in the first certificate information;
a certificate validity time authentication unit, configured to compare the validity period of the first certificate information with the current time; if the current time is within the validity period of the certificate, the certificate passes authentication; otherwise, the second request is rejected.
10. The system according to claim 8, characterized in that the authentication of the M functional permissions in the permission model by the permission model authentication module comprises:
obtaining the M functional permissions in the first permission model and the validity period corresponding to each functional permission;
comparing the validity periods of L of the M functional permissions with the current time.
PCT/CN2012/086147 2011-12-09 2012-12-07 Method and system for digital content online reading authentication WO2013083072A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2014536109A JP2015502586A (en) 2011-12-09 2012-12-07 Online reading digital content authentication method and system
EP12856539.7A EP2690574B1 (en) 2011-12-09 2012-12-07 Method and system for digital content online reading authentication
KR1020137031874A KR101578886B1 (en) 2011-12-09 2012-12-07 Method and system for digital content online reading authentication
US13/894,138 US8943312B2 (en) 2011-12-09 2013-05-14 Method of and system for authenticating online read digital content

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110409347.8 2011-12-09
CN201110409347.8A CN103164636B (en) 2011-12-09 2011-12-09 A kind of method and system of online reading digital content authentication

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/894,138 Continuation US8943312B2 (en) 2011-12-09 2013-05-14 Method of and system for authenticating online read digital content

Publications (1)

Publication Number Publication Date
WO2013083072A1 true WO2013083072A1 (en) 2013-06-13

Family

ID=48573564

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/086147 WO2013083072A1 (en) 2011-12-09 2012-12-07 Method and system for digital content online reading authentication

Country Status (6)

Country Link
US (1) US8943312B2 (en)
EP (1) EP2690574B1 (en)
JP (1) JP2015502586A (en)
KR (1) KR101578886B1 (en)
CN (1) CN103164636B (en)
WO (1) WO2013083072A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105843790A (en) * 2016-04-27 2016-08-10 吉林工程技术师范学院 Individualized editing and publishing method
CN108512815B (en) * 2017-02-28 2021-12-10 腾讯科技(北京)有限公司 Anti-theft chain detection method, anti-theft chain detection device and server
CN107135214A (en) * 2017-04-27 2017-09-05 努比亚技术有限公司 Above-the-line protection of usage right method, equipment and computer-readable recording medium
CN111752885B (en) * 2020-06-29 2024-01-23 上海盛付通电子支付服务有限公司 Method and device for processing reading authority in reading material

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564255A (en) * 2004-03-24 2005-01-12 华中科技大学 Digital memory media protecting method based on online controlled access tech, and its system
CN1971576A (en) * 2006-12-08 2007-05-30 华中科技大学 On-line digital copyright management method and its management server
CN101923608A (en) * 2009-06-11 2010-12-22 北大方正集团有限公司 Digital content online reading method, device and system and copyright protection method
CN101989988A (en) * 2010-11-05 2011-03-23 上海传知信息科技发展有限公司 Copyright protection system and method of ebook online reading

Family Cites Families (12)

Publication number Priority date Publication date Assignee Title
FR2722596A1 (en) * 1994-07-13 1996-01-19 France Telecom SYSTEM FOR CONTROLLING ACCESS LIMITED TO AUTHORIZED AND RENEWABLE TIME PLACES USING A PORTABLE MEMORY MEDIUM
CN1312549C (en) * 1995-02-13 2007-04-25 英特特拉斯特技术公司 Systems and methods for secure transaction management and electronic rights protection
WO2002099640A1 (en) * 2001-06-06 2002-12-12 Yahoo Inc. System and method for controlling access to digital content, including streaming media
TWI308306B (en) * 2001-07-09 2009-04-01 Matsushita Electric Ind Co Ltd Digital work protection system, record/playback device, recording medium device, and model change device
JP2004157703A (en) * 2002-11-06 2004-06-03 Hitachi Ltd Content protection system
WO2005025116A2 (en) * 2003-09-05 2005-03-17 Limelight Networks, Inc. Management of digital content licenses
JP2006031522A (en) * 2004-07-20 2006-02-02 Dainippon Printing Co Ltd Content relay distribution server, content relay distribution computer program
US8660961B2 (en) * 2004-11-18 2014-02-25 Contentguard Holdings, Inc. Method, system, and device for license-centric content consumption
US20080083040A1 (en) * 2006-09-29 2008-04-03 Microsoft Corporation Aggregated resource license
JP4859775B2 (en) * 2007-07-18 2012-01-25 ヤフー株式会社 Content distribution apparatus, content distribution control method, and content distribution control program
JP2009163570A (en) * 2008-01-08 2009-07-23 Nec Corp Document management system, information processor, document management method and program
US8505078B2 (en) * 2008-12-28 2013-08-06 Qualcomm Incorporated Apparatus and methods for providing authorized device access

Also Published As

Publication number Publication date
KR101578886B1 (en) 2015-12-18
EP2690574A1 (en) 2014-01-29
EP2690574A4 (en) 2015-05-13
US20130254534A1 (en) 2013-09-26
CN103164636B (en) 2015-12-09
CN103164636A (en) 2013-06-19
KR20140043083A (en) 2014-04-08
EP2690574B1 (en) 2018-04-18
US8943312B2 (en) 2015-01-27
JP2015502586A (en) 2015-01-22

Similar Documents

Publication Publication Date Title
US8402508B2 (en) Delegated authentication for web services
US9166966B2 (en) Apparatus and method for handling transaction tokens
US8555075B2 (en) Methods and system for storing and retrieving identity mapping information
WO2018227693A1 (en) Method and system for acquiring usage permissions of internet of things-based equipment
US8806192B2 (en) Protected authorization for untrusted clients
CN106104542A (en) Data are i.e. serviced to the content protecting of (DaaS)
TW201248526A (en) Dynamic platform reconfiguration by multi-tenant service providers
CA2798024C (en) One time passwords with ipsec and ike version 1 authentication
US8752157B2 (en) Method and apparatus for third party session validation
US8572690B2 (en) Apparatus and method for performing session validation to access confidential resources
US20150106898A1 (en) Method, device, and system for identity authentication
US8448228B2 (en) Separating authorization identity from policy enforcement identity
WO2013083072A1 (en) Method and system for digital content online reading authentication
US20240039707A1 (en) Mobile authenticator for performing a role in user authentication
CN106992978B (en) Network security management method and server
KR101579923B1 (en) Method for generating one-time password and apparatus for performing the same
EP3036674B1 (en) Proof of possession for web browser cookie based security tokens
KR101362407B1 (en) Method and apparatus for protecting digital contents using certificate
CN107590662B (en) Authentication method for calling online bank system, authentication server and system
JP2008090701A (en) Authentication access control system and add-in module to be used therefor
Song et al. Trusted web service
CN115987636B (en) Information security implementation method, device and storage medium
US8572687B2 (en) Apparatus and method for performing session validation
US8695062B2 (en) Authentication/authorization protocol for media processing components
CN118337519A (en) Authentication method, authentication device, server, medium and product

Legal Events

Date Code Title Description
121 EP: The EPO has been informed by WIPO that EP was designated in this application (Ref document number: 12856539; Country of ref document: EP; Kind code of ref document: A1)
WWE WIPO information: entry into national phase (Ref document number: 2012856539; Country of ref document: EP)
ENP Entry into the national phase (Ref document number: 20137031874; Country of ref document: KR; Kind code of ref document: A) (Ref document number: 2014536109; Country of ref document: JP; Kind code of ref document: A)
NENP Non-entry into the national phase (Ref country code: DE)